github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-18 07:14:09 +01:00
Code Issues Packages Projects Releases Wiki Activity

added file analyzer documentation

Browse Source 
Former-commit-id: c0c29021cd1197f26942ff36c8b63220d1267c21
This commit is contained in:
Jeremy Long
2014-06-22 19:55:21 -04:00
parent 452955667c
commit b64916ce3f
6 changed files with 65 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/site/markdown/archive-analyzer.md Normal file
View File

@@ -0,0 +1,16 @@
Archive Analyzer
==============
Dependency-check includes an analyzer an archive analyzer that will attempt
to extract files from the archive that are supported by the other file type
analyzers.
Files Types Scanned: ZIP, EAR, WAR, JAR, SAR, APK, NUPKG, TAR, GZ, TGZ
Additional file extensions for ZIP archives can be added, see the configuration
section in the Maven, Ant, or CLI interfaces for more information on configuration.
Note, since this analyzer does examine the contents of a JAR file there are times
that you may see additional entries in the report and/or warnings in the log file (if used)
for DLL or EXE files contained within the JAR file. In almost all cases these can
be ignored as it is fairly rare to have a .NET dll or exe within a JAR file.

11
src/site/markdown/assembly-analyzer.md Normal file
View File

@@ -0,0 +1,11 @@
Jar Analyzer
==============
Dependency-check includes an analyzer that scans JAR files and collect as
much information it can about the file as it can. The information collected
is internally referred to as evidence and is grouped into vendor, product, and version
buckets. Other analyzers later use this evidence to identify any Common Platform
Enumeration (CPE) identifiers that apply. Additionally, if a POM is present
the analyzer will add the Maven group, artifact, and version (GAV).
Files Types Scanned: JAR, WAR

10
src/site/markdown/jar-analyzer.md Normal file
View File

@@ -0,0 +1,10 @@
Assembly Analyzer
==============
Dependency-check includes an analyzer that scans .NET dll and exe files and collect as
much information it can about the files as it can. The information collected
is internally referred to as evidence and is grouped into vendor, product, and version
buckets. Other analyzers later use this evidence to identify any Common Platform
Enumeration (CPE) identifiers that apply.
Files Types Scanned: EXE, DLL

2
src/site/markdown/nexus-analyzer.md
View File

@@ -1,7 +1,7 @@
Nexus Analyzer Nexus Analyzer
============== ==============
Dependency Check includes an analyzer which will check for the Maven GAV Dependency-check includes an analyzer that will check for the Maven GAV
(Group/Artifact/Version) information for artifacts in the scanned area. By (Group/Artifact/Version) information for artifacts in the scanned area. By
default the information comes from [Maven Central][1], but can be configured to default the information comes from [Maven Central][1], but can be configured to
use a local repository if necessary. If the artifact's hash is found in the use a local repository if necessary. If the artifact's hash is found in the

13
src/site/markdown/nuspec-analyzer.md Normal file
View File

@@ -0,0 +1,13 @@
Nuspec Analyzer
==============
Dependency-check includes an analyzer that will scan NuGet's Nuspec file to
collect information about the component being used. The evidence collected
is used by other analyzers to determine if there are any known vulnerabilities
associated with the component.
Note, the Nuspec Analyzer does not scan dependencies defined. However, if
the dependencies have been downloaded and may be included in the scan depending
on configuration.
Files Types Scanned: NUSPEC

14
src/site/site.xml
View File

@@ -84,9 +84,23 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
<item name="Sample Report" href="./SampleReport.html"> <item name="Sample Report" href="./SampleReport.html">
<description>Sample Report</description> <description>Sample Report</description>
</item> </item>
</menu>
<menu name="File Type Analyzers">
<item name="Archive Analyzer" href="./archive-analyzer.html">
<description>Archive Analyzer</description>
</item>
<item name="Jar Analyzer" href="./jar-analyzer.html">
<description>Jar Analyzer</description>
</item>
<item name="Nexus Analyzer" href="./nexus-analyzer.html"> <item name="Nexus Analyzer" href="./nexus-analyzer.html">
<description>Nexus Analyzer</description> <description>Nexus Analyzer</description>
</item> </item>
<item name="Assembly Analyzer" href="./assembly-analyzer.html">
<description>Assembly Analyzer</description>
</item>
<item name="Nuspec Analyzer" href="./nuspec-analyzer.html">
<description>Nuspec Analyzer</description>
</item>
</menu> </menu>
<menu name="Modules"> <menu name="Modules">
<item name="dependency-check-core" href="./dependency-check-core/index.html"> <item name="dependency-check-core" href="./dependency-check-core/index.html">